• Home
• Services
• Portfolio
• Support
• About Us
• Contact Us

Article Comments

• 1

  Andy, 09:52
  22 March 2007

  Hi there,
  Your verification system is really cool, is it possible to have it only generate numbers..?
  Thanks Andy

• 2

  Bob, 09:56
  22 March 2007

  Good idea - I've updated the script to include this - it simply requires adding a variable under options called "lettersAllowedInCode" (true or false) and updating the IF statement in the generateRandomCode function to read: IF (flipACoinFiftyFifty OR numbersAllowedInCode = FALSE) AND lettersAllowedInCode = TRUE THEN.

  I'll update the downloadable script and examples asap.

  Bob

• 3

  Miles, 10:38
  26 March 2007

  The image does not display. When I try to right-click over the alt tag text "Verify Code" and choose view image I get an error "Server.CreateObject Failed"

  Is this because I need to have write permissions set for my www root folder?

• 4

  Bob, 11:05
  26 March 2007

  Miles,

  No - no folder should need write permissions because the image is never written to disk - the error looks as though ASPJpeg (the software component this script is written to utilise) isn't installed properly.

  Can you confirm?

  B

• 5

  Miles, 14:28
  26 March 2007

  That was it. The ASPJpeg wasn't installed. Thanks!

• 6

  Bill Woodland, 10:39
  28 March 2007

  Nice stuff, Bob. I used this code on someone's web site last weekend. Her web host has a site license for aspjpeg, and it's done a great job of keeping script kiddies from adding viagra ads to her guestbook.

  Unfortunately, not everyone has aspjpeg, which is the case at my office, so I'll be converting it to work with the FREE OverPower library....old, but still available at this url:

  http://www.precompiled.com/programming/overpasp.zip

  Anyone interested should read the article here:

  http://www.precompiled.com/programming/asp_image_manipulation.asp

  Since I work for a state agency in Texas, web pages created after 9/1/2006 have to be made accessible, so just having the captcha image isn't enough. I'll have to create an AUDIO captcha to make it accessible to people with visual imparements. One guy who has done this using PHP can be found here:

  http://bokehman.com/captcha_verification

  Now all I need is a way to do a binary read in ASP to read the .wav files and concatenate them together. ASP doesn't have a binary read, so I'll use another free component for that from xStandard.com here:

  http://xstandard.com/page.asp?p=31E7497C-15A9-4FEA-8950-07935962E847

  This buffer component can be used to read and write text and binary files.

  Once I get all of that working in ASP, I'll have to convert it to (UGH!) cold fusion, since we also use that at my office.

  I've surely got my work cut out for me. I'll let you know once it's all done, and you can put it all together with yours, if you'd like.

• 7

  Bob, 11:29
  28 March 2007

  Hi Bill,

  Thanks for the post - I'd never heard of the "OverPower" library - I was trying to find a free image manipulation add on for ASP.

  I'll give this a go as soon as I get the chance but would also love to see what you produce!

  Accessible Captcha

  A yes - the accessible Captcha issue has been driving me nuts as an ASP developer. The main thing I'm struggling with is finding a way of "stitching" the source WAVs together to produce a temporary audible code. From the link you sent it appears this is fairly straight forward in PHP (why oh why didn't I learn PHP instead!?).

  I've considered using Flash for this as its fairly well supported in Accessibility terms these days, solving the issue of compressed audio and player all in one but passing the information to the Flash move clip in a secure format from the server is a nightmare - looking in to SHA1 encryption at the moment but its all so messy!
  

• 8

  Pat Gallagher, 04:55
  29 March 2007

  If this works your a genius
  Thanks and best wishes
  Pat

• 9

  Bob, 07:52
  29 March 2007

  Pat - as long as you have ASPJpeg installed on your server or hosting package, you should just be able to copy and paste the script and the imageVerification.asp file and away you go!

• 10

  Dave Austin, 11:09
  29 March 2007

  Bill,

  I, too, will be checking back on your progress as we are a small not-for-profit in New York State and really need some relief from the scriptkiddies who are attacking our Contact Us form daily. We, also, cannot afford ASPJpeg, so any OverPower lib dependent code in ASP that we might be able to "steal" from you would really help.

  Thanks,
  Dave

• 11

  Bob, 13:44
  24 April 2007

  Hi all,

  For those who don't have ASPJpeg or are looking for a free CAPTCHA solution, I took Bill Woodland's advice and created one using OverPower. Bill has also done a great job creating a script that supports both ASPJpeg AND the free Overpower component.

  You can see these here /articles/display/?articleID=26

  Enjoy and thanks again to Bill Woodland for his help and contributions

  Bob

• 12

  Bill Woodland, 17:19
  25 April 2007

  I thought I'd pass on a different way to verify that the user is a human being: text based verification. (This code hasn't been tested...I just typed it in from my head):

  <%
  randomize
  session("n1")=rand(now()*now())*10
  randomize
  session("n2")=rand(session("n1")*now()*now())*10
  %>

  How much is <%=session("n1")%> plus <%=session("n2")%>?
  
  

  The ACTION script would simply add the two session variables together and compare with what was entered:

  'check for any other errors above this, incrementing "errors" for each error you find
  if cint(request.form("verify")) <> cint(session("n1"))+cint(session("n2")) then
  message=message & "You didn't enter the right number.
  "
  errors=errors+1
  end if

  if errors >0 then
  response.write "

  " & message & "Click your browser's back button to try again.

  "
  response.end
  end if

  It's not perfect...those with COGNITIVE impairments, who can't add together two one-digit numbers will still fail this test, but I think it would be difficult for script kiddies to get past this.

• 13

  Bob, 08:10
  28 April 2007

  Hi Bill,

  Thanks for that - its an excellent idea - if you or anyone else thinks of anymore, it might be worth having an "Alternative CAPTCHAs Page"!

• 14

  Violet, 00:56
  17 May 2007

  I am totally dying to get this to work but cannot seem to make the image appear on my browser :( I mean it works here but when I test it on my computer, contactForm.asp won't show the image..

• 15

  Peter Jarvis, 04:04
  19 June 2007

  Absolutely fantastic. I had a really complicated user registration page on my site and was finding it really difficult to find an asp verification script that would integrate with it. This worked first time - brilliant. Good work!

• 16

  Bill Woodland, 12:05
  19 June 2007

  I want point out a few minor changes that I have made to this code, now that I've implemented the audio captcha (http://www.squeekasp.com/?id=89).

  If a blind user clicks on the audio link, their BROWSER might actually be used to play the audio file. If this is true, they then have to hit the back button to get back to the page with the form. At this point, the value of session("verificationCode") gets changed, so the code they need to type in is no longer the code they heard. The easy fix to that is to only create a new captcha code if the current one is blank. To do this, simply change this line:

  CALL writeCodeToImage(generateRandomCode())

  to this:

  if session("verificationCode") & "" ="" then CALL writeCodeToImage(generateRandomCode())

  Of course, the code that processes the form MUST set session("verificationCode") = "" once it has stored your comment/guestbook entry, or else that user would be able to spam you by using the same captcha code over and over.

• 17

  Marie, 10:01
  11 September 2007

  I apologize I am just testing if it works on both browsers + keyboard.

  Marie

• 18

  James, 16:45
  13 September 2007

  I simply cannot get the image to appear (it shows a red x). My hosting company swears that aspjpeg is installed but when I copied the contactForm.asp and imageverification.asp to the root folder and ran the contactform.asp in a browser no image. Can any help?

• 19

  Bob, 20:27
  13 September 2007

  James, the quickest way to test whether the script is working or not is to directly call the image in a browser, for example, paste this in your browser:

  www.freshmango.com/inc/imageVerification.asp

• 20

  James, 11:41
  14 September 2007

  Thanks Bob, that actually works and I see the image that way, but if I use the contactForm.asp it just shows a red x where the image should be. I'm not sure where to begin troubleshooting

• 21

  James, 11:52
  14 September 2007

  Bob, I apologize. It worked. I had made a stupid mistake in the path. Correcting that solved it. Thank you for your help!!!!

• 22

  dan, 22:42
  07 October 2007

  any tips for using this when sending info (POST) to a different page instead of to the same page? It's not working for me (perhaps the session doesn't stay intact?). I've tried writing the session variable to a form variable and sending that, but can't get it to work.

• 23

  Joe, 10:40
  08 October 2007

  What version of ASPJpg is this based on? My Host EDTHosting.com claimed to have ASPJPG installed, but it is only version 1.3.0.0

  The line of code giving the error is:

  Microsoft VBScript runtime error '800a01b6'

  Object doesn't support this property or method: 'aspJpegImageObject.New' (Line 88)
  This pertains to the Server.CreateObject line, EDT say that I have permissions for this ans the problem is the code is written for a newer version of ASPJPG.

  Is there a version of this script that will work with version 1.3.0.9 of ASPJPG?
  

• 24

  Bob, 11:37
  09 October 2007

  Dan, the session variable should stay intact - not sure what else to suggest really!

• 25

  Bob, 11:39
  09 October 2007

  Joe, the error you are recieving definately sounds like a version issue - I use version 1.6 - it should be a free upgrade for your ISP.

• 26

  Dan, 13:54
  09 October 2007

  The issue I'm having is that the code is 1 behind. In other words, if 1234 is shown and then I refresh and 5678 is shown, it's holding 1234. If I refresh again and 9999 is shown, then session variable is 5678.

• 27

  Bob, 15:03
  09 October 2007

  Dan, all I can surmise is that for some reason the script is being called twice OR the image is being cached. In the IMG tag for the code, try adding ?noCache=<%=date%> to the end of the filename. For more detail, look at the src path of any of the CAPTCHA boxes on my website.

• 28

  Bill Woodland, 01:08
  10 October 2007

  Dan:

  I saw your note about post vs. get, and got to thinking. It might have to do with the order i which you are calling the imagaverification.asp script. BTW POST or GET doesn't matter. Check this out:

  This is the current verification code:<%=SESSION("verificationCode")%><br />
  <form action="myscipt.asp" method="post">
  <label for="usercode">Enter the code you see below:</label>
  <input type="text" value="" name="usercode" id="usercode" /><br />
  <img src="imageverification.asp">
  <input type="submit" value="Submit" />
  </form>
  This is the new verification code:<%=SESSION("verificationCode")%><br />

  Refresh the page once or twice, and then look at the "current verification code". What you're seeing is the value of SESSION("verificationCode") that was created the LAST TIME imageverification.asp was run. Now look at the value of "new verification code". That's the code the user is going to see in the image. I'm not sure what you're doing, but I thought this might help you diagnose.

• 29

  Dan, 17:57
  11 October 2007

  got the issue resolved. It was the way I was trying to handle the session variable and pass it off. Thanks! Great resource here. Will help a bunch!!

  While I'm at it, any thoughts to this? I have been using a random code generator and displaying that in the status bar area and requiring that be entered into a text box field. I haven't had issues with SPAM yet. Not sure if the robot programs look there or not. Very simple code to do it that way. Not sure ultimately how affective it is.

• 30

  Kev, 06:53
  04 March 2008

  works a treat - i just wish the aspjpeg was cheaper - but it works excellent - i recomend it, it stopped the spammers dead in there tracks on multiple sites i run.

• 31

  Bob, 07:41
  04 March 2008

  Kev,

  Why not check out the free overpower version of this script here:

  http://www.freshmango.com/articles/display/?articleID=26

• 32

  Teresa, 15:41
  14 March 2008

  I am so grateful for this code. I would stumble blindly without it. I am assuming the line: myEmailObject.To = "webmaster@freshmango.com" requires a change. My hosting company specifies what to use for cdonts: relay-hosting.secureserver.net WWould you know how to implement this in your code? Thank you so much!

• 33

  Bob, 15:53
  14 March 2008

  Hi Teresa,
  The best way to do what you ask is via CDOSYS - I've added a quick example to the bottom of the article.

• 34

  Teresa, 21:48
  14 March 2008

  Thank you for pointing the way. I had to combined your ASP Form Image Code Verification script with a CDOSYS script from OutFront Webmaster Forum and now it works perfectly!

• Home
• Services
• Portfolio
• Support
• About Us
• Our Gallery
• Contact Us

Copyright © 2008 Fresh Mango Technologies. All Rights Reserved.

FreshMango.com is Coded Using Standards Compliant XHTML & CSS.